LinkedIn announced today that thousands of user passwords were leaked in a recent security breach. Fortunately, LinkedIn immediately disabled access to all of these accounts and emailed the users to notify them of the problem.
Since the emails that LinkedIn sent out do not contain links, the company hopes that its users don’t view them as phishing emails. Normally, emails from a social media account involving spontaneous password changes are viewed with suspicion, especially with phishing scams becoming more and more common.
The strangest part of the incident is that LinkedIn has found no evidence of a data breach. Although the user accounts and passwords have been leaked online, it found no evidence of a hack within its own servers.
This lack of evidence is enough to cause PC security experts to worry. Since the frighteningly dangerous virus called Flame was able to remain hidden from the computer security world for so long, some are wondering if another deceptive virus could be making the rounds on social media networks, hacking passwords and user accounts as it goes.
While LinkedIn has a fairly secure server architecture, those in the PC security industry say that it could have done more to protect user passwords. LinkedIn stores passwords using a hashing algorithm called SHA-1 (a one-way cryptographic hash function, not encryption), but failed to use obscuring techniques, such as adding a unique salt to each password, that would have made the hashes even more difficult for hackers to reverse. Specifically, because the same cryptographic hash function was applied unmodified across all of its user passwords, identical passwords produce identical hashes, so a hacker who guesses just one password has recovered it for every account that uses it.
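To illustrate the storage weakness described above, here is an added example (not code from LinkedIn or from the original article) that stores the same accounts as bare SHA-1 and as per-user salted PBKDF2, then shows which accounts a leaked table reveals as sharing a password. The user names, passwords, choice of PBKDF2-HMAC-SHA256 and iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not real data); two users share one password.
USERS = {"alice": "Summer2012!", "bob": "Summer2012!", "carol": "c0rrect-horse"}
ITERATIONS = 600_000  # PBKDF2 work factor, an assumption chosen for this example


def store_unsalted(users):
    """Storage as the article describes it: bare SHA-1, no per-user salt."""
    return {u: hashlib.sha1(p.encode()).hexdigest() for u, p in users.items()}


def store_salted(users):
    """Hardened form: a random 16-byte salt per user and a slow KDF."""
    table = {}
    for user, password in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
        table[user] = (salt, digest)
    return table


def verify_salted(table, user, candidate):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = table[user]
    got = hashlib.pbkdf2_hmac("sha256", candidate.encode(), salt, ITERATIONS)
    return hmac.compare_digest(got, expected)


def accounts_sharing_value(table):
    """Users whose stored value is identical, as visible in a leaked dump."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    print("unsalted SHA-1 :", accounts_sharing_value(store_unsalted(USERS)))
    salted = store_salted(USERS)
    print("salted PBKDF2  :", accounts_sharing_value(salted))
    print("login still works:", verify_salted(salted, "bob", "Summer2012!"))
```

With a salt, the stored values for alice and bob differ even though their passwords match, so each account has to be guessed separately and each guess costs the full key-derivation work.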
Just because LinkedIn has informed its users of the data leak and temporarily removed access to their accounts doesn’t mean that your LinkedIn account is 100% safe. To be sure, change your password right now to something different from the one you used before. Try to mix a few capital letters, special characters, and other tricks into the password to make it as difficult as possible for hackers to gain access.